CVE-2018-10705

Name of the Vulnerable Software and Affected Versions Aurora DAO (AURA) (affected versions not specified)

Description The issue concerns the Owned smart contract implementation for Aurora DAO, an Ethereum ERC20 token. It allows attackers to acquire contract ownership due to the setOwner function being declared as public. This enables an attacker to conduct a lockBalances() denial of service attack.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.